/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
ber_pvt_sb_buf_init( &p->buf_out );
if ( ber_pvt_sb_grow_buffer( &p->sec_buf_in, SASL_MIN_BUFF_SIZE ) < 0 ) {
LBER_FREE( p );
- errno = ENOMEM;
+ sock_errset(ENOMEM);
return -1;
}
sasl_getprop( p->sasl_context, SASL_MAXOUTBUF,
if ( ( p->sec_buf_in.buf_size < (ber_len_t) ret ) &&
ber_pvt_sb_grow_buffer( &p->sec_buf_in, ret ) < 0 )
{
- errno = ENOMEM;
+ sock_errset(ENOMEM);
return -1;
}
p->sec_buf_in.buf_end = ret;
ber_log_printf( LDAP_DEBUG_ANY, sbiod->sbiod_sb->sb_debug,
"sb_sasl_read: failed to decode packet: %s\n",
sasl_errstring( ret, NULL, NULL ) );
- errno = EIO;
+ sock_errset(EIO);
return -1;
}
/* Still have something left?? */
if ( p->buf_out.buf_ptr != p->buf_out.buf_end ) {
- errno = EAGAIN;
+ sock_errset(EAGAIN);
return -1;
}
}
ber_log_printf( LDAP_DEBUG_ANY, sbiod->sbiod_sb->sb_debug,
"sb_sasl_write: failed to encode packet: %s\n",
sasl_errstring( ret, NULL, NULL ) );
- errno = EIO;
+ sock_errset(EIO);
return -1;
}
p->buf_out.buf_end = p->buf_out.buf_size;
return ld->ld_errno;
}
+ rc = 0;
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
+#endif
ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, &sd );
if ( sd == AC_SOCKET_INVALID ) {
/* not connected yet */
- int rc;
rc = ldap_open_defconn( ld );
- if( rc < 0 ) return ld->ld_errno;
- ber_sockbuf_ctrl( ld->ld_defconn->lconn_sb,
- LBER_SB_OPT_GET_FD, &sd );
+ if ( rc == 0 ) {
+ ber_sockbuf_ctrl( ld->ld_defconn->lconn_sb,
+ LBER_SB_OPT_GET_FD, &sd );
- if( sd == AC_SOCKET_INVALID ) {
- ld->ld_errno = LDAP_LOCAL_ERROR;
- return ld->ld_errno;
+ if( sd == AC_SOCKET_INVALID ) {
+ ld->ld_errno = LDAP_LOCAL_ERROR;
+ rc = ld->ld_errno;
+ }
}
}
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
+#endif
+ if( rc != 0 ) return ld->ld_errno;
oldctx = ld->ld_defconn->lconn_sasl_authctx;
/* we're done, no need to step */
if( scred ) {
/* but we got additional data? */
- Debug( LDAP_DEBUG_TRACE,
- "ldap_int_sasl_bind: rc=%d sasl=%d len=%ld\n",
- rc, saslrc, scred ? scred->bv_len : -1 );
-
- ber_bvfree( scred );
- rc = ld->ld_errno = LDAP_LOCAL_ERROR;
- goto done;
+#define KLUDGE_FOR_MSAD
+#ifdef KLUDGE_FOR_MSAD
+ /*
+ * MSAD provides empty additional data in violation of LDAP
+ * technical specifications. As no existing SASL mechanism
+ * allows empty data with an outcome message, just ignore it
+ * for now. Hopefully MS will fix their bug before someone
+ * defines a mechanism with possibly empty additional data.
+ */
+ if( scred->bv_len == 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "ldap_int_sasl_bind: ignoring "
+ " bogus empty data provided with SASL outcome message.\n",
+ rc, saslrc, scred->bv_len );
+ ber_bvfree( scred );
+ } else
+#endif
+ {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldap_int_sasl_bind: rc=%d sasl=%d len=%ld\n",
+ rc, saslrc, scred->bv_len );
+ rc = ld->ld_errno = LDAP_LOCAL_ERROR;
+ ber_bvfree( scred );
+ goto done;
+ }
}
break;
}
sasl_conn_t *ctx;
#if SASL_VERSION_MAJOR < 2
sasl_external_properties_t extprops;
+#else
+ sasl_ssf_t sasl_ssf = ssf;
#endif
ctx = conn->lconn_sasl_authctx;
}
#if SASL_VERSION_MAJOR >= 2
- sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL, &ssf );
+ sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL, &sasl_ssf );
if ( sc == SASL_OK )
sc = sasl_setprop( ctx, SASL_AUTH_EXTERNAL, authid );
#else
sasl_security_properties_t *secprops )
{
int i, j, l;
- char **props = ldap_str2charray( in, "," );
+ char **props;
unsigned sflags = 0;
int got_sflags = 0;
sasl_ssf_t max_ssf = 0;
unsigned maxbufsize = 0;
int got_maxbufsize = 0;
- if( props == NULL || secprops == NULL ) {
+ if( secprops == NULL ) {
+ return LDAP_PARAM_ERROR;
+ }
+ props = ldap_str2charray( in, "," );
+ if( props == NULL ) {
return LDAP_PARAM_ERROR;
}
if ( sprops[j].ival ) {
unsigned v;
char *next = NULL;
- if ( !isdigit( props[i][sprops[j].key.bv_len] )) continue;
+ if ( !isdigit( (unsigned char)props[i][sprops[j].key.bv_len] ))
+ continue;
v = strtoul( &props[i][sprops[j].key.bv_len], &next, 10 );
if ( next == &props[i][sprops[j].key.bv_len] || next[0] != '\0' ) continue;
switch( sprops[j].ival ) {
break;
}
if ( BER_BVISNULL( &sprops[j].key )) {
+ ldap_charray_free( props );
return LDAP_NOT_SUPPORTED;
}
}
int sc;
#if SASL_VERSION_MAJOR < 2
sasl_external_properties_t extprops;
+#else
+ sasl_ssf_t sasl_ssf;
#endif
sasl_conn_t *ctx;
}
#if SASL_VERSION_MAJOR >= 2
- sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL, arg);
+ sasl_ssf = * (ber_len_t *)arg;
+ sc = sasl_setprop( ctx, SASL_SSF_EXTERNAL, &sasl_ssf);
#else
memset(&extprops, 0L, sizeof(extprops));